Solaris in.fingerd information disclosure vulnerability

  • A vulnerability in the in.fingerd daemon in Sun Solaris versions 8 and earlier could allow a remote attacker to obtain sensitive account information. A remote attacker can send a specially-crafted finger request to a vulnerable system to cause a list of accounts to be returned to the attacker. This information can be used by the attacker to launch further attacks against the affected host.<br/><br/> The following request is sufficient to disclose a list of users:<br/> <strong><span class="bb-dark">finger 'a b c d e f g h'@sunhost</span></strong>
  • It is recommended to disable this service.